Out of the box this isn't possible (yet) as far as I know.

However, you could set the required authentication to “no” and create your own authentication method and block a “user” based on your own logic. Another side effect of this method is that there will be no creation of a session object for each API call which might be benefitial for your performance.

Hi,

If account inherits from System.User, as shown below:

So, you can set the block attribute to true:

You can use an attribute in the account to keep track of the number of attempts, and when it reaches a certain threshold, you can set the block.

And if necessary, you can use an authentication module from the marketplace to control the login process.